incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Hyde <>
Subject Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services )
Date Thu, 20 Feb 2003 21:33:58 GMT
Andrew C. Oliver wrote:
> Is it possible to change the standard as not to infringe on these 
> patents?

It is unlikely that that there are any authentication framework designs 
that don't touch on a number of strong patents.  RSA is only one 
obvious example.  This is a bloody business - there is zero benefit for 
an IP right holder to reveal his hand prior to wide adoption.  Better 
to let all the little fishes swallow the hook before you drag them in.

Why do we know about the RSA one?  Because they participated in a 
standards body where the rules required them to fess-up or relinquish.  
  There are yet more examples of this kind of thing in the footnotes of 
the Liberty Phase I spec, which has a different set of players involved 
in writing the standard.

It is impractical for the foundation to warranty that our code has zero 
patent entanglements.

It should be something we aspire to.  Of course.

In the space between impractical and aspire is real work, damn it.

A policy that we strive to avoid inappropriate patent entanglements 
would be good.  Even if it is stating the obvious.

A standard procedure for clearly passing patent claims thru, without 
comment, from IPR claimants and our users might be helpful.

But that's only nibbles away at the edges of the messy between aspire 
and practical.

This is the horrible messy world the licensing subcommittee of the 
board has spent the last few years working very hard on.  I see signs 
that is coming to closure.  It is their job, but I've regularly heard 
them and the board say that no policy will be compiled into the 
foundation's DNA until the members get to do a review of what they come 
up with.

Is the RSA patent an example of an inappropriate patent entanglement?  
My sense is that in-spite of RSA's history that their goals in this 
situation are very close to ours and that with enough hard work this 
particular problem can be resolved.  It is certainly not clear who is 
going to do that hard work.

Should OpenSAML wait for the "is this inappropriate?" question to get 
resolved.  Damn'd if I know.  I think the incubator PMC should decide 
that, or seek advise.

  - ben

View raw message